Web content management systems (WCMS) are systems used in creating, publishing, customizing and designing website services by web administrators toward delivering user-centric web applications and services. Such applications include Joomla, Drupal, and WordPress, which have found their usage in various institutions including universities and colleges, non-government and government institutions. While these WCMS provide easy access to web services to the users, they are vulnerable to security breaches and threats. This study sought to ascertain whether web administrators are aware of security concerns in WCMS. The objective of this paper was to identify widely used WCMS and the level of awareness of security breaches on these applications by web administrators. The study employed the census method and presents the results of 40 Web Administrators sampled from four public universities within Nairobi County. We then presented a security control model informed by the data analysis towards proactive mitigation of the potentials of WCMS security threats. The model sought to integrate security measures such as security awareness in the design of WCMS to curb threats related to SQL injections, XSS attackers and unauthorized access of information, and to assist the web administrator in choosing suitable WCMS applications that meet their user preference.
Keywords: Web content management systems; security awareness; web administrators; Drupal; WordPress; Joomla.